Hackers are increasingly turning their attention to home users and financial services firms with sneaky cyber attacks designed to cash in on unsuspecting victims, according to a report from Symantec.
The security software maker on Monday released its latest Internet Security Threat Report covering new and ongoing Internet threats from Jan. 1, 2006, through June 30, 2006. It reveals that home users account for 86 percent of all targeted attacks.
Financial services businesses were most heavily targeted by phishing attacks, with those firms’ sites accounting for 84 percent of all phishing-targeted sites Symantec tracked.
Hackers are targeting home users for identity theft and fraud because they are less likely to have established security measures in place, Symantec said. What’s more, hackers are using a variety of techniques to escape detection and prolong their presence on systems in order to gain more time to steal information, hijack computers for marketing purposes, or otherwise compromise confidential information with financial gain in mind.
The Weakest Link
“Attackers see end users as the weakest link in the security chain and are constantly targeting them in an effort to profit,” said Arthur Wong, senior vice president, Symantec Security Response and Managed Services.
As software vendors and enterprises successfully adapt to the changing threat environment by implementing security best practices, attackers are adopting new techniques. Those techniques include targeting malicious code at client-side applications such as Web browsers, e-mail clients and other desktop applications.
In fact, flaws affecting Web applications accounted for 69 percent of all vulnerabilities Symantec documented in the first half of 2006. Vulnerabilities in Web browsers have become increasingly prominent, with 47 documented in Mozilla browsers (compared to 17 in the last reporting period), 38 in Microsoft’s Internet Explorer (compared to 25), and 12 in Apple’s Safari (compared to six).
Evasive Techniques on the Rise
During this reporting period, 18 percent of all distinct malicious code samples Symantec detected had not been seen before. This indicates that attackers are more actively attempting to evade detection by signature-based antivirus and intrusion detection and prevention systems, according to security analysts.
“We have this stealthiness and this cash angle. When you put the two together, you have a dangerous combination of criminality with means and motives that enable it,” iDefense Senior Engineer Ken Dunham told TechNewsWorld. “As long as these attackers can hide, they can maintain control over the computer and get your credit card number, your social security number, your date of birth, and other information they need to fully exploit the victim.”
Phishers are also attempting to bypass filtering technologies by creating multiple randomized messages and distributing those messages in a broad, uncontrolled fashion. During the first six months of 2006, 157,477 unique phishing messages were detected, marking an increase of 81 percent over the previous period.
At the same time, spam made up 54 percent of all monitored e-mail traffic, a slight increase from 50 percent in the previous period. Most spammers are opting to exclude malicious code from their spam to decrease the chances of being blocked and instead include links to Web sites hosting malicious code.
For the Love of Money
As Dunham noted, financial gain remains the motivation behind many of today’s threats. Bot networks, or networks of compromised computers that can be remotely controlled by an attacker, can be used not only to spread malicious code, but also to send spam or phishing messages, download adware and spyware, attack an organization and harvest confidential data.
Symantec identified more than 4.6 million distinct, active bot network computers and observed an average of 57,717 active bot network computers per day during this period. Bot networks are also commonly used in denial-of-service (DoS) attacks — a major threat to organizations, as they can result in disrupted communication, loss of revenue, damage to brand and reputation, and exposure to criminal extortion schemes. During the first half of 2006, Symantec observed an average of 6,110 DoS attacks per day.
Other financially motivated attacks use modular malicious code — malware that updates itself or downloads a more aggressive threat upon establishing a foothold on the victim host — to expose sensitive information.
During the first half of 2006, modular malicious code accounted for 79 percent of the top 50 malicious code threats reported to Symantec. Malicious code threats that expose confidential data represented 30 of the top 50 samples submitted to Symantec.